Once again: not a valid Win32 application...

Discussion in 'Sicherheit' started by elsaso, Jun 30, 2011.

Thread Status:
Not open for further replies.
  1. elsaso

    elsaso ROM

    Hi, it got me too.
    Every program I have tried to install since the virus infection shows this message. I have also noticed that the programs I have downloaded since then are 0 bytes in size.
    System Restore does not work either; I have already tried everything. Scanning with Spybot and Antivir in safe mode did produce a detection, but the message is still the same. Firefox also keeps opening ***** and advertising pages.
    What can I do?
    The log file (hopefully the right one...)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14:51:32, on 30.06.2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16800)
    Boot mode: Normal

    Running processes:
    C:\Users\Sas\AppData\Local\Temp\csrss.exe
    C:\Users\Sas\AppData\Roaming\Microsoft\conhost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Users\Sas\AppData\Roaming\dwm.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Firefox\firefox.exe
    C:\Program Files\Firefox\plugin-container.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    D:\Users\Sas\Downloads\RSIT.exe
    C:\Program Files (x86)\trend micro\Sas.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54788
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F3 - REG:win.ini: load=C:\Users\Sas\AppData\Local\Temp\csrss.exe
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
    O4 - HKLM\..\Run: [conhost] C:\Users\Sas\AppData\Roaming\Microsoft\conhost.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    O4 - HKCU\..\Run: [Security Protection] C:\ProgramData\defender.exe
    O4 - HKCU\..\Run: [conhost] C:\Users\Sas\AppData\Roaming\Microsoft\conhost.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
    O4 - Global Startup: CineForm Status.lnk = C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
    O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Druckwarteschlange (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8490 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live ID-Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-17 41760]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-11-03 281768]
    "NPSStartup"= []
    "Conime"=C:\Windows\system32\conime.exe []
    "EKIJ5000StatusMonitor"=C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE [2010-09-02 2045440]
    "conhost"=C:\Users\Sas\AppData\Roaming\Microsoft\conhost.exe [2011-06-29 168960]
    "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
    "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
    "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-01-25 421160]
    "DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
    "AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2009-06-08 611712]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
    "RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe []
    "AdobeBridge"= []
    "Security Protection"=C:\ProgramData\defender.exe []
    "conhost"=C:\Users\Sas\AppData\Roaming\Microsoft\conhost.exe [2011-06-29 168960]
    "SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    CineForm Status.lnk - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=5
    "ConsentPromptBehaviorUser"=3
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoActiveDesktop"=1
    "NoActiveDesktopChanges"=1
    "ForceActiveDesktopOn"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2011-06-30 14:42:14 ----D---- C:\rsit
    2011-06-30 14:15:06 ----A---- C:\Users\Sas\AppData\Roaming\dwm.exe
    2011-06-30 10:39:03 ----D---- C:\Neuer Ordner
    2011-06-29 11:59:59 ----A---- C:\Windows\SysWOW64\drvinst.exe
    2011-06-29 11:59:59 ----A---- C:\Windows\SysWOW64\devrtl.dll
    2011-06-29 11:59:59 ----A---- C:\Windows\SysWOW64\devobj.dll
    2011-06-29 11:59:59 ----A---- C:\Windows\SysWOW64\cfgmgr32.dll
    2011-06-29 11:59:57 ----A---- C:\Windows\SysWOW64\tquery.dll
    2011-06-29 11:59:57 ----A---- C:\Windows\SysWOW64\mssrch.dll
    2011-06-29 11:59:56 ----A---- C:\Windows\SysWOW64\SearchProtocolHost.exe
    2011-06-29 11:59:56 ----A---- C:\Windows\SysWOW64\SearchIndexer.exe
    2011-06-29 11:59:56 ----A---- C:\Windows\SysWOW64\mssvp.dll
    2011-06-29 11:59:56 ----A---- C:\Windows\SysWOW64\mssph.dll
    2011-06-29 11:59:55 ----A---- C:\Windows\SysWOW64\SearchFilterHost.exe
    2011-06-29 11:59:55 ----A---- C:\Windows\SysWOW64\mssphtb.dll
    2011-06-29 11:59:55 ----A---- C:\Windows\SysWOW64\msscntrs.dll
    2011-06-16 10:32:54 ----A---- C:\Windows\SysWOW64\mshtml.dll
    2011-06-16 10:32:51 ----A---- C:\Windows\SysWOW64\ieframe.dll
    2011-06-16 10:32:50 ----A---- C:\Windows\SysWOW64\iertutil.dll
    2011-06-16 10:32:48 ----A---- C:\Windows\SysWOW64\urlmon.dll
    2011-06-16 10:32:46 ----A---- C:\Windows\SysWOW64\wininet.dll
    2011-06-16 10:32:46 ----A---- C:\Windows\SysWOW64\mstime.dll
    2011-06-16 10:32:46 ----A---- C:\Windows\SysWOW64\msfeeds.dll
    2011-06-16 10:32:46 ----A---- C:\Windows\SysWOW64\ieui.dll
    2011-06-16 10:32:46 ----A---- C:\Windows\SysWOW64\iepeers.dll
    2011-06-16 10:32:46 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
    2011-06-16 10:32:45 ----A---- C:\Windows\SysWOW64\mshtmled.dll
    2011-06-16 10:32:45 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
    2011-06-16 10:32:45 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
    2011-06-16 10:32:45 ----A---- C:\Windows\SysWOW64\licmgr10.dll
    2011-06-16 10:32:45 ----A---- C:\Windows\SysWOW64\jsproxy.dll
    2011-06-16 10:32:31 ----A---- C:\Windows\SysWOW64\d3d10_1.dll
    2011-06-16 10:32:29 ----A---- C:\Windows\SysWOW64\oleaut32.dll
    2011-06-16 10:32:27 ----A---- C:\Windows\SysWOW64\inetcomm.dll
    2011-06-07 11:36:14 ----D---- C:\Users\Sas\AppData\Roaming\MPEG Streamclip
    2011-06-06 23:48:36 ----D---- C:\Users\Sas\AppData\Roaming\XMedia Recode
    2011-06-06 00:40:22 ----A---- C:\Windows\ntbtlog.txt

    ======List of files/folders modified in the last 1 months======

    2011-06-30 14:51:23 ----D---- C:\Program Files (x86)\Trend Micro
    2011-06-30 14:36:40 ----SHD---- C:\Windows\Installer
    2011-06-30 14:36:28 ----SHD---- C:\System Volume Information
    2011-06-30 14:30:03 ----D---- C:\Windows\Prefetch
    2011-06-30 13:08:21 ----D---- C:\Windows\System32
    2011-06-30 13:08:21 ----D---- C:\Windows\inf
    2011-06-30 13:02:49 ----D---- C:\Windows\Temp
    2011-06-30 13:02:44 ----D---- C:\ProgramData\Kodak
    2011-06-30 13:01:52 ----D---- C:\Windows\pss
    2011-06-30 09:39:23 ----D---- C:\Windows\winsxs
    2011-06-29 23:00:48 ----D---- C:\Windows\SysWOW64
    2011-06-29 23:00:47 ----RSD---- C:\Windows\Fonts
    2011-06-29 22:38:32 ----D---- C:\Users\Sas\AppData\Roaming\uTorrent
    2011-06-29 19:31:35 ----SD---- C:\Users\Sas\AppData\Roaming\Microsoft
    2011-06-26 16:15:00 ----D---- C:\Users\Sas\AppData\Roaming\ICQ
    2011-06-23 01:24:44 ----D---- C:\Program Files (x86)\GoPro
    2011-06-23 01:22:49 ----HD---- C:\ProgramData
    2011-06-21 18:23:07 ----D---- C:\Windows\SysWOW64\migration
    2011-06-21 18:23:07 ----D---- C:\Program Files (x86)\Internet Explorer
    2011-06-16 12:22:39 ----D---- C:\Program Files (x86)\Microsoft Silverlight
    2011-06-07 11:03:21 ----RD---- C:\Program Files (x86)
    2011-06-06 00:40:22 ----D---- C:\Windows
    2011-06-06 00:33:52 ----D---- C:\Users\Sas\AppData\Roaming\Adobe
    2011-06-03 12:17:15 ----D---- C:\Windows\Logs

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
    R2 adfs;adfs; C:\Windows\SysWOW64\drivers\adfs.sys [2009-06-08 86584]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
    R3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys []
    R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
    R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
    R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
    R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
    S1 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys [2006-07-24 5632]
    S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
    S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys []
    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
    S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
    S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
    S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
    S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys []
    S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
    S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-03-21 269480]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-01-05 37664]
    R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-09-13 308656]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
    R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2011-01-25 933664]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-31 1038088]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-12-31 655624]
    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

    -----------------EOF-----------------
     
    Last edited: Jun 30, 2011
  2. Hnas2

    Hnas2 Ganzes Gigabyte

    1. A log file this truncated is completely useless.
    2. You shouldn't think about it for long; reinstall your system.
     
  3. elsaso

    elsaso ROM

    That's exactly what I want to avoid..
    Sorry, I didn't know what all is needed; I have posted the file again.
     
  4. Hnas2

    Hnas2 Ganzes Gigabyte

    You will never get that PC clean. Antivir has already raised the alarm often enough and deleted infected files.
    HijackThis shows at least two rootkits disguised as system services and further highly risky running programs.
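
Added example, not part of the original thread: a small triage script that reads HijackThis lines and flags executables that carry a Windows system binary name but run from outside System32/SysWOW64, or that start from a user-writable directory, which is the pattern visible in the log posted above. The name list, the expected directories and the ProgramData heuristic are assumptions chosen for illustration; the sample lines are copied from the log in this thread.

```python
import re
from pathlib import PureWindowsPath

# Assumptions for this example: a short list of Windows system binary names
# and the only directories they are expected to run from.
SYSTEM_NAMES = {"csrss.exe", "conhost.exe", "dwm.exe", "lsass.exe",
                "svchost.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\")

# First drive-letter path ending in .exe on a line (quotes/brackets excluded).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"=\[\]]*?\.exe', re.IGNORECASE)

# Excerpt of the log posted in this thread (lines copied unchanged).
SAMPLE_LOG = r"""
Running processes:
C:\Users\Sas\AppData\Local\Temp\csrss.exe
C:\Users\Sas\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Sas\AppData\Roaming\dwm.exe
C:\Program Files\Firefox\firefox.exe
F3 - REG:win.ini: load=C:\Users\Sas\AppData\Local\Temp\csrss.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [conhost] C:\Users\Sas\AppData\Roaming\Microsoft\conhost.exe
O4 - HKCU\..\Run: [Security Protection] C:\ProgramData\defender.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""


def classify(path):
    """Return the list of heuristic reasons why a path looks out of place."""
    p = PureWindowsPath(path.lower())
    name, parent = p.name, str(p.parent)
    reasons = []
    if name in SYSTEM_NAMES and parent not in SYSTEM_DIRS:
        reasons.append("system binary name outside System32/SysWOW64")
    if any(marker in parent + "\\" for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from user-writable directory")
    if parent == r"c:\programdata":
        reasons.append("executable directly in ProgramData root")
    return reasons


def triage(log_text):
    """Map each flagged path to its reasons and the log sections it appears in."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        match = PATH_RE.search(line)
        if not match:
            continue
        reasons = classify(match.group(0))
        if not reasons:
            continue
        # Entry lines start with a section code such as "O4 - "; lines without
        # one come from the "Running processes" list.
        code = re.match(r"([A-Z]\d+) - ", line)
        source = code.group(1) if code else "running process"
        entry = findings.setdefault(match.group(0).lower(),
                                    {"reasons": reasons, "seen_in": set()})
        entry["seen_in"].add(source)
    return findings


if __name__ == "__main__":
    for path, info in triage(SAMPLE_LOG).items():
        print(path, sorted(info["seen_in"]), "; ".join(info["reasons"]))
```

A path that shows up both as a running process and in an autostart section (F3, O4) has persistence as well as execution. The script only evaluates file locations and does not interpret the "(file missing)" notes on the O23 lines.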
     
  5. deoroller

    deoroller Wandelndes Forum

    You can back up your data with Knoppix. Whatever is backed up should be scanned with an up-to-date AV program before it is used again. The rest: format and reinstall the operating system.
    Right after the reinstall, use Windows Update to get SP1 and all patches.
     